DOCSLIB.ORG

Digital Blackmail As an Emerging Tactic 2016

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Digital Blackmail As an Emerging Tactic 2016 September 9 DIGITAL BLACKMAIL AS AN EMERGING TACTIC 2016 Digital Blackmail (DB) represents a severe and growing threat to individuals, small businesses, corporations, and government Examining entities. The rapid increase in the use of DB such as Strategies ransomware; the proliferation of variants and growth in their ease of use and acquisition by cybercriminals; weak defenses; Public and and the anonymous nature of the money trail will only increase Private Entities the scale of future attacks. Private sector, non-governmental organization (NGO), and government cybersecurity experts Can Pursue to were brought together by the Office of the Director of National Contain Such Intelligence and the Department of Homeland Security to determine emerging tactics and countermeasures associated Attacks with the threat of DB. In this paper, DB is defined as illicitly acquiring or denying access to sensitive data for the purpose of affecting victims’ behaviors. Threats may be made of lost revenue, the release of intellectual property or sensitive personnel/client information, the destruction of critical data, or reputational damage. For clarity, this paper maps DB activities to traditional blackmail behaviors and explores methods and tools, exploits, protection measures, whether to pay or not pay the ransom, and law enforcement (LE) and government points of contact for incident response. The paper also examines the future of the DB threat. Digital Blackmail as an Emerging Tactic Team Members Name Organization Caitlin Bataillon FBI Lynn Choi-Brewer FBI James Dean TrueCourse Advisory Services WI Department of Justice – Division of Criminal Investigation: Julia Dorosz Wisconsin Statewide Intelligence Center Cindy Green-Ortiz Red Crystal Enterprises Kurt Jordan Christian Emergency Network Eric Kant Kant Consulting Group Christopher Porter FireEye Aaron Varrone Cisco 1 Critical Briefing Paper Findings “Digital Blackmail is almost a perfect storm of conditions for cyber-criminals – ease of access, use, and distribution of the malware; difficult attribution; high-value targets in low-security environments; and the ease of collection of ransom payments all feed fuel to the criminals as low pressures and warm moist air feed a hurricane.” Threat Analysis • Digital Blackmail (DB), in particular Ransomware, will be a long-term persistent threat • The threat horizons have dramatically grown, and continue to grow at a rapid rate • It is equal opportunity—threatening individuals, nonprofits, corporations of all sizes, government entities, and NGOs • Threats are non-discriminatory—with a slightly greater focus on sectors with low cybersecurity maturity levels—small/medium-sized firms, NGOs, Healthcare, etc. • Cybercriminal Ransomware kits are economical and easy to access, utilize, customize, and distribute, and virtual currencies make payments non-attributable • Ransomware holds a victim’s high-value targets (data) hostage for low payments • If not prepared, victims have little choice but to pay or sacrifice the hostage data • Ransomware may be used to maliciously coerce victims by threatening to release sensitive personal information, intellectual property, or information damaging to national security. “However, the properly prepared individual, company, government, or non- government entity has an excellent chance to detect and defeat an attack or to recover from a successful intrusion. Absent preparation, all is lost.” Countermeasures Analysis • The majority of Ransomware threats can be mitigated by continuous and strict adherence to standard cybersecurity best practices • If the threat is successful, recovery is usually possible if proper adherence to backup, recovery, and business continuity best practices have been followed • There is a growing body of services providing decryption keys for specific malware variants • Greater outreach is needed by government to all sectors to stress the importance of implementing and adhering to cybersecurity best practices 2 The Threats We Face Introduction Digital blackmail (DB) is illicitly acquiring or denying access to sensitive data for the purpose of affecting or controlling a person's, company’s, or government’s behavior. Blackmail can threaten lost revenue, the bulk release of sensitive data, or leaked embarrassing information, prevented only by a financial payoff to the attackers. DB may originate from insider threats, individual hackers, organized cybercriminal organizations, hacktivists, and state-sponsored actors. The tools for executing a ransomware attack are not only easy for an attacker to obtain and use, but are also relatively inexpensive. Although “ransomware” for criminal financial gain naturally first comes to mind when we think of DB, there are many other types of DB that may play out. • Attackers threaten to publicly release incriminating images or communications (e.g., “sextortion,” an already prevalent crime in Asia and Europe) unless a government official provides sensitive information (such as passwords to classified systems). Incriminating data could be personal, or that of close friends or relatives who have had their systems compromised by intrusive malware. • A military service member who receives an electronic threat that hostages will be killed or an attack will be carried out if sensitive military data is not revealed. • A government official receives a malware threat that attempts to coerce a change in Government policy/activity or sensitive/damaging information about the Government will be publicly released. • A high-volume program trader is threatened by malware to execute high-volume trades that can affect market activity—as in the “flash crash”—and destabilize the financial system or produce illegal gains for criminal cartels or terrorist organizations. • A broker who has access to hundreds of high-value funds is coerced by malware to transfer funds to a terrorist organization. • The 2014 North Korean extortion cyber attack against Sony Pictures Entertainment threatened the company with brand destruction. 3 • An executive of a major financial services firm (or hospital, as has been prevalent recently) is subjected to DB, threatened with the release of sensitive personal information about specific, high-value customers in furtherance of state-sponsored or hacktivist agendas. Obviously, traditional blackmail is one of the oldest forms of coercion. Much is known about that threat, which can be applied to today’s electronic version. However, DB differs from traditional blackmail in its ease of development and delivery, the speed and volume of attacks that can be mounted simultaneously, and its unique detection challenges. Still, DB has much commonality with traditional blackmail in the techniques used to extort (i.e., money, ideology, compromise, ego) and its goals (intelligence gathering, destabilization of the social fabric, influencing behavioral or policy change, financial gain, etc.). As such, it is useful to keep in mind that, although the medium of delivery is different, DB is still a traditional crime. Although this briefing paper focuses on financially-driven ransomware, executives of businesses and government institutions should keep in mind the other types of DB to which they may be subjected. Fortunately, the majority of the mitigation approaches outlined in this paper are effective against non-financial blackmail as well as financially- oriented blackmail. Despite the fact that ransomware is increasing at a dramatic rate, the mitigation approaches outlined in this paper, such as maintaining common cyber-hygiene techniques, utilizing good backup procedures, conducting anti-phishing training, and formulating a comprehensive Business Continuity Plan, are all standard cyber best practices—nothing new or extraordinary. If applied with good management discipline, these best practices can be very effective against many cyber threats. Ransomware – Types and History Ransomware has developed significantly since the first observed ransomware incidents in 1989, from simple blockers targeting Russian-speaking individuals to sophisticated encrypting ransomware types affecting individuals and businesses globally. The evolution of ransomware has been greatly influenced by ever-changing developments in culture, economics, security, and technology over time. In the past, malware was never specifically focused on the destruction of, or denial of access to, data held in the systems it infected. Most actors were primarily concerned with getting continued access to the data or the resources a system provided. Ransomware, however, has shifted this focus toward extortion. Actors are now denying access to data and demanding money in order to restore users’ access to this data.1 4 Definition Ransomware is a class of malware that has an end-goal of denying access to user data by specifically targeting user files but avoiding damage to system files. Ransomware behaves this way for two reasons: to ensure the user can be contacted and notified of what happened to her files, and to provide a way for the user to pay the ransom to regain access to her files.1 There are two basic types of ransomware in circulation. The most common type today is crypto ransomware, which aims to encrypt personal or corporate data and files. The other type, known as locker ransomware, is designed to lock the computer, disable a program or function on the device, and prevent victims from freely using the device.3 Crypto Ransomware This type of ransomware is designed to find and encrypt valuable data stored on
Load more

Recommended publications
  • Charging Language
    1. TABLE OF CONTENTS Abduction ................................................................................................73 By Relative.........................................................................................415-420 See Kidnapping Abuse, Animal ...............................................................................................358-362,365-368 Abuse, Child ................................................................................................74-77 Abuse, Vulnerable Adult ...............................................................................78,79 Accessory After The Fact ..............................................................................38 Adultery ................................................................................................357 Aircraft Explosive............................................................................................455 Alcohol AWOL Machine.................................................................................19,20 Retail/Retail Dealer ............................................................................14-18 Tax ................................................................................................20-21 Intoxicated – Endanger ......................................................................19 Disturbance .......................................................................................19 Drinking – Prohibited Places .............................................................17-20 Minors – Citation Only
    [Show full text]
  • Crimes Act 2016
    REPUBLIC OF NAURU Crimes Act 2016 ______________________________ Act No. 18 of 2016 ______________________________ TABLE OF PROVISIONS PART 1 – PRELIMINARY ....................................................................................................... 1 1 Short title .................................................................................................... 1 2 Commencement ......................................................................................... 1 3 Application ................................................................................................. 1 4 Codification ................................................................................................ 1 5 Standard geographical jurisdiction ............................................................. 2 6 Extraterritorial jurisdiction—ship or aircraft outside Nauru ......................... 2 7 Extraterritorial jurisdiction—transnational crime ......................................... 4 PART 2 – INTERPRETATION ................................................................................................ 6 8 Definitions .................................................................................................. 6 9 Definition of consent ................................................................................ 13 PART 3 – PRINCIPLES OF CRIMINAL RESPONSIBILITY ................................................. 14 DIVISION 3.1 – PURPOSE AND APPLICATION ................................................................. 14 10 Purpose
    [Show full text]
  • Competing Theories of Blackmail: an Empirical Research Critique of Criminal Law Theory
    Competing Theories of Blackmail: An Empirical Research Critique of Criminal Law Theory Paul H. Robinson,* Michael T. Cahill** & Daniel M. Bartels*** The crime of blackmail has risen to national media attention because of the David Letterman case, but this wonderfully curious offense has long been the favorite of clever criminal law theorists. It criminalizes the threat to do something that would not be criminal if one did it. There exists a rich liter- ature on the issue, with many prominent legal scholars offering their accounts. Each theorist has his own explanation as to why the blackmail offense exists. Most theories seek to justify the position that blackmail is a moral wrong and claim to offer an account that reflects widely shared moral intuitions. But the theories make widely varying assertions about what those shared intuitions are, while also lacking any evidence to support the assertions. This Article summarizes the results of an empirical study designed to test the competing theories of blackmail to see which best accords with pre- vailing sentiment. Using a variety of scenarios designed to isolate and test the various criteria different theorists have put forth as “the” key to blackmail, this study reveals which (if any) of the various theories of blackmail proposed to date truly reflects laypeople’s moral judgment. Blackmail is not only a common subject of scholarly theorizing but also a common object of criminal prohibition. Every American jurisdiction criminalizes blackmail, although there is considerable variation in its formulation. The Article reviews the American statutes and describes the three general approaches these provisions reflect.
    [Show full text]
  • Sexual Aggression and the Civil Response, Annual Review of Civil
    ANNUAL REVIEW OF CIVIL LITIGATION 2018 THE HONOURABLE MR.JUSTICE TODD L. ARCHIBALD SUPERIOR COURT OF JUSTICE (ONTARIO) # 2018 Thomson Reuters Canada NOTICE AND DISCLAIMER: All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher (Thomson Reuters Canada, a division of Thomson Reuters Canada Limited). Thomson Reuters Canada and all persons involved in the preparation and sale of this publication disclaim any warranty as to accuracy or currency of the publication. This publication is provided on the understanding and basis that none of Thomson Reuters Canada, the author/s or other persons involved in the creation of this publication shall be responsible for the accuracy or currency of the contents, or for the results of any action taken on the basis of the information contained in this publication, or for any errors or omissions contained herein. No one involved in this publication is attempting herein to render legal, accounting or other professional advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The analysis contained herein should in no way be construed as being either official or unofficial policy of any governmental body. A cataloguing record for this publication is available from Library and Archives Canada. ISBN 978-0-7798-8457-5 Scan the QR code to the right with your smartphone to send your comments regarding our products and services. Free QR Code Readers are available from your mobile device app store.
    [Show full text]
  • CRIMINAL ATTEMPTS at COMMON LAW Edwin R
    [Vol. 102 CRIMINAL ATTEMPTS AT COMMON LAW Edwin R. Keedy t GENERAL PRINCIPLES Much has been written on the law of attempts to commit crimes 1 and much more will be written for this is one of the most interesting and difficult problems of the criminal law.2 In many discussions of criminal attempts decisions dealing with common law attempts, stat- utory attempts and aggravated assaults, such as assaults with intent to murder or to rob, are grouped indiscriminately. Since the defini- tions of statutory attempts frequently differ from the common law concepts,8 and since the meanings of assault differ widely,4 it is be- "Professor of Law Emeritus, University of Pennsylvania. 1. See Beale, Criminal Attempts, 16 HARv. L. REv. 491 (1903); Hoyles, The Essentials of Crime, 46 CAN. L.J. 393, 404 (1910) ; Cook, Act, Intention and Motive in the Criminal Law, 26 YALE L.J. 645 (1917) ; Sayre, Criminal Attempts, 41 HARv. L. REv. 821 (1928) ; Tulin, The Role of Penalties in the Criminal Law, 37 YALE L.J. 1048 (1928) ; Arnold, Criminal Attempts-The Rise and Fall of an Abstraction, 40 YALE L.J. 53 (1930); Curran, Criminal and Non-Criminal Attempts, 19 GEo. L.J. 185, 316 (1931); Strahorn, The Effect of Impossibility on Criminal Attempts, 78 U. OF PA. L. Rtv. 962 (1930); Derby, Criminal Attempt-A Discussion of Some New York Cases, 9 N.Y.U.L.Q. REv. 464 (1932); Turner, Attempts to Commit Crimes, 5 CA=. L.J. 230 (1934) ; Skilton, The Mental Element in a Criminal Attempt, 3 U.
    [Show full text]
  • SECOND CONCURRENCE SCHALLER, J., Concurring
    ****************************************************** The ``officially released'' date that appears near the beginning of each opinion is the date the opinion will be published in the Connecticut Law Journal or the date it was released as a slip opinion. The operative date for the beginning of all time periods for filing postopinion motions and petitions for certification is the ``officially released'' date appearing in the opinion. In no event will any such motions be accepted before the ``officially released'' date. All opinions are subject to modification and technical correction prior to official publication in the Connecti- cut Reports and Connecticut Appellate Reports. In the event of discrepancies between the electronic version of an opinion and the print version appearing in the Connecticut Law Journal and subsequently in the Con- necticut Reports or Connecticut Appellate Reports, the latest print version is to be considered authoritative. The syllabus and procedural history accompanying the opinion as it appears on the Commission on Official Legal Publications Electronic Bulletin Board Service and in the Connecticut Law Journal and bound volumes of official reports are copyrighted by the Secretary of the State, State of Connecticut, and may not be repro- duced and distributed without the express written per- mission of the Commission on Official Legal Publications, Judicial Branch, State of Connecticut. ****************************************************** CONNECTICUT COALITION FOR JUSTICE IN EDUCATION FUNDING, INC. v. RELLÐSECOND
    [Show full text]
  • Police Perjury: a Factorial Survey
    The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Police Perjury: A Factorial Survey Author(s): Michael Oliver Foley Document No.: 181241 Date Received: 04/14/2000 Award Number: 98-IJ-CX-0032 This report has not been published by the U.S. Department of Justice. To provide better customer service, NCJRS has made this Federally- funded grant final report available electronically in addition to traditional paper copies. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S. Department of Justice. FINAL-FINAL TO NCJRS Police Perjury: A Factorial Survey h4ichael Oliver Foley A dissertation submitted to the Graduate Faculty in Criminal Justice in partial fulfillment of the requirements for the degree of Doctor of Philosophy. The City University of New York. 2000 This document is a research report submitted to the U.S. Department of Justice. This report has not been published by the Department. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S. Department of Justice. I... I... , ii 02000 Michael Oliver Foley All Rights Reserved This document is a research report submitted to the U.S. Department of Justice. This report has not been published by the Department. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S.
    [Show full text]
  • Conflict of the Criminal Statute of Limitations with Lesser Offenses at Trial
    William & Mary Law Review Volume 37 (1995-1996) Issue 1 Article 10 October 1995 Conflict of the Criminal Statute of Limitations with Lesser Offenses at Trial Alan L. Adlestein Follow this and additional works at: https://scholarship.law.wm.edu/wmlr Part of the Criminal Law Commons Repository Citation Alan L. Adlestein, Conflict of the Criminal Statute of Limitations with Lesser Offenses at Trial, 37 Wm. & Mary L. Rev. 199 (1995), https://scholarship.law.wm.edu/wmlr/vol37/iss1/10 Copyright c 1995 by the authors. This article is brought to you by the William & Mary Law School Scholarship Repository. https://scholarship.law.wm.edu/wmlr CONFLICT OF THE CRIMINAL STATUTE OF LIMITATIONS WITH LESSER OFFENSES AT TRIAL ALAN L. ADLESTEIN I. INTRODUCTION ............................... 200 II. THE CRIMINAL STATUTE OF LIMITATIONS AND LESSER OFFENSES-DEVELOPMENT OF THE CONFLICT ........ 206 A. Prelude: The Problem of JurisdictionalLabels ..... 206 B. The JurisdictionalLabel and the CriminalStatute of Limitations ................ 207 C. The JurisdictionalLabel and the Lesser Offense .... 209 D. Challenges to the Jurisdictional Label-In re Winship, Keeble v. United States, and United States v. Wild ..................... 211 E. Lesser Offenses and the Supreme Court's Capital Cases- Beck v. Alabama, Spaziano v. Florida, and Schad v. Arizona ........................... 217 1. Beck v. Alabama-LegislativePreclusion of Lesser Offenses ................................ 217 2. Spaziano v. Florida-Does the Due Process Clause Require Waivability? ....................... 222 3. Schad v. Arizona-The Single Non-Capital Option ....................... 228 F. The Conflict Illustrated in the Federal Circuits and the States ....................... 230 1. The Conflict in the Federal Circuits ........... 232 2. The Conflict in the States .................. 234 III.
    [Show full text]
  • False Statements and Perjury: an Overview of Federal Criminal Law
    False Statements and Perjury: An Overview of Federal Criminal Law Charles Doyle Senior Specialist in American Public Law May 11, 2018 Congressional Research Service 7-5700 www.crs.gov 98-808 False Statements and Perjury: An Overview of Federal Criminal Law Summary Federal courts, Congress, and federal agencies rely upon truthful information in order to make informed decisions. Federal law therefore proscribes providing the federal courts, Congress, or federal agencies with false information. The prohibition takes four forms: false statements; perjury in judicial proceedings; perjury in other contexts; and subornation of perjury. Section 1001 of Title 18 of the United States Code, the general false statement statute, outlaws material false statements in matters within the jurisdiction of a federal agency or department. It reaches false statements in federal court and grand jury sessions as well as congressional hearings and administrative matters but not the statements of advocates or parties in court proceedings. Under Section 1001, a statement is a crime if it is false, regardless of whether it is made under oath. In contrast, an oath is the hallmark of the three perjury statutes in Title 18. The oldest, Section 1621, condemns presenting material false statements under oath in federal official proceedings. Section 1623 of the same title prohibits presenting material false statements under oath in federal court proceedings, although it lacks some of Section 1621’s traditional procedural features, such as a two-witness requirement. Subornation of perjury, barred in Section 1622, consists of inducing another to commit perjury. All four sections carry a penalty of imprisonment for not more than five years, although Section 1001 is punishable by imprisonment for not more than eight years when the offense involves terrorism or one of the various federal sex offenses.
    [Show full text]
  • 61-2G-306 Renewal of License, Certification, Or Registration. (1) To
    Utah Code 61-2g-306 Renewal of license, certification, or registration. (1) To renew a license, certification, or registration, before the license, certification, or registration expires, the holder of the license, certification, or registration shall submit to the division in compliance with procedures set through the concurrence of the division and the board: (a) an application for renewal; (b) a fee established by the division and the board, in accordance with Section 63J-1-504; and (c) evidence in the form prescribed by the division of having completed the continuing education requirements for renewal specified in this chapter. (2) (a) A license, certification, or registration expires if it is not renewed on or before its expiration date. (b) For a period of 30 days after the expiration date, a license, certification, or registration may be reinstated upon: (i) payment of a renewal fee and a late fee determined through the concurrence of the division and the board; and (ii) satisfying the continuing education requirements specified in Section 61-2g-307. (c) After the 30-day period described in Subsection (2)(b), and until six months after the expiration date, a license, certification, or registration may be reinstated by: (i) paying a renewal fee and a reinstatement fee determined through the concurrence of the division and the board; and (ii) satisfying the continuing education requirements specified in Section 61-2g-307. (d) After the six-month period described in Subsection (2)(c), and until one year after the expiration date, a
    [Show full text]
  • Preventing and Fighting the Rise of Online Sextortion and Gender Based Digital Violence
    European Crime Prevention Award (ECPA) Annex I – new version 2014 Please complete the template in English in compliance with the ECPA criteria contained in the RoP (Par.2 §3). General information 1. Please specify your country. Spain 2. Is this your country’s ECPA entry or an additional project? It is Spain’s ECPA entry 3. What is the title of the project? Preventing and fighting the rise of online Sextortion and Gender Based Digital Violence 4. Who is responsible for the project? Contact details. Jorge Flores, Founder and Director of PantallasAmigas. E-mail: [email protected] mobile:+34 605 72 81 21 5. Start date of the project (dd/mm/yyyy)? Is the project still running (Yes/No)? If not, please provide the end date of the project. 07/05/2009. The project is still running and is comprised of several of the following elements: awareness campaigns, interactive games, booklets and guides for teachers and educators, intervention protocols for victims, blogs and complaint forms. 6. Where can we find more information about the project? Please provide links to the project’s website or online reports or publications (preferably in English). A chapter for Harvard and UNICEF’s Digitally Connected ebook was written to explain the work on this ongoing project. The chapter is titled “Sexting: Teens, Sex, Smartphones and the Rise of Sextortion and Gender Based Digital Violence” and is available in the following link: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2585686 The full project is at the moment available only in Spanish
    [Show full text]
  • PDF-Download
    Order of the 1st Chamber of the Second Senate of 1 March 2004 – 2 BvR 1570/03 – in the proceedings on the constitutional complaint of the Turkish national A. ... against a) the order of the Higher Administrative Court (Oberverwaltungsgericht) for the Land North Rhine-Westphalia of 19 August 2003 – 18 B 1503/03 –, b) the order of Düsseldorf Administrative Court (Verwaltungsgericht) of 15 July 2003 – 24 L 1977/03 – and application to issue an injunction ... RULING: The constitutional complaint is not admitted for decision. The application to issue an injunction is therewith concluded. GROUNDS: I. 1. a) The applicant objects to his expulsion to Turkey. 1 He was born in Germany in 1983 and grew up here, where his parents and siblings 2 also live. He has had a permanent residence permit since December 1999. The applicant has come to the notice of the police several times since 2000. He was 3 sentenced most recently on 22 July 2002 in respect of joint robbery by blackmail in concurrence of offences with threat, robbery by blackmail in concurrence of offences with bodily harm, threat in concurrence of offences with deprivation of liberty and co- ercion, coercion in concurrence of offences with threat, threat in two cases in concur- rence of offences with theft resembling robbery, coercion and theft, as well as in re- spect of blackmail relating to the two latter convictions, to combined youth custody of three years and six months. In consequence of the latter conviction, the immigration authority expelled him by or- 4 der of 9 May 2003, ordered the immediate enforcement of this expulsion and an- nounced to him that he would be expelled from custody to Turkey.
    [Show full text]